
ISRO confirms being alerted about DTrack malware during Chandrayaan 2, says it had no impact

tech2 News Staff

When the Indian Space Research Organisation (ISRO) was trying to land Chandrayaan 2 spacecraft's Vikram lander on the Moon, the organisation was reportedly attacked by North Korean hackers.

According to a recent report by The Quint, ISRO was one of five government agencies to come under their attack. However, the officials from the Indian space agency denied that the attack impacted the Moon mission.

Reportedly, ISRO employees accidentally installed malware onto their systems after opening phishing emails from North Korean spammers.

Another report from the Financial Times suggests that ISRO was informed about the attack in September. ISRO also confirmed to The Quint that it had been alerted about the attack.

"We know they were targeted, they got the link, they clicked on the link. That much we can confirm so far," Yash Kadakia, founder of Security Bridge, a Mumbai-based cybersecurity company, told The Quint.

The attack was apparently conducted using DTrack, a type of malware that US authorities believe is linked to the Lazarus group controlled by the North Korean government.

According to a report by cybersecurity firm Kaspersky, the malware has been detected in financial institutions and research centres in 18 Indian states.

The same malware is also believed to have affected the Kudankulam nuclear plant.

On 3 September, the National Cyber Coordination Center, which was set up to help the country deal with malicious cyber activities and cyber warfare, received information from a US-based cybersecurity company that a "threat actor" had breached master "domain controllers" at the Nuclear Power Corporation of India Limited's (NPCIL) Kudankulam nuclear plant, as well as at ISRO, with malware.

The malware was later identified as Dtrack and the officials at both these government agencies were informed about these security breaches on 4 September, two days before the scheduled Chandrayaan 2 moon landing attempt.

Dtrack is a virus that has been developed by a North Korean hacker group called Lazarus. It allows hackers to get complete control over a device and extract data remotely. Dtrack RAT (remote administration tool) can infiltrate systems with weak network security policies and password standards. Once implemented, it can access all available files and running processes, keylogging data, browser history and host IP addresses, including information about available networks and active connections.
